Cybersecurity experts believe AI is changing their work at a ‘fundamental’ level

AI has become the handgun at the proverbial knife fight. The question now is who has the faster draw and the better aim. Is the edge with the cybercriminals looking for weak points in firewalls? Or the security professionals trying to stop the bad guys from finding any? 

Sometimes it’s one, other times the other. Which is to say that both sides are using AI and using it hard. 

“This is the most change in the cyber environment, ever,” Francis deSouza, president of security products at Google Cloud, tells The New York Times in an article published April 6. “You have to fight AI with AI.”

Here are five key takeaways from the piece. 

1. Cybersecurity experts are increasingly vocal in their warnings that AI is fundamentally changing cybersecurity.

The uptick in insistence comes as Anthropic and OpenAI are getting ready to release new and more powerful AI systems, Times technology writers Cade Metz and Kate Conger point out. 

The latest AI upgrades from those two companies and other AI heavy hitters, they write, could allow hackers to identify security holes in computer systems “far faster than in the past, vastly raising the stakes in the decades-long fight between hackers and the security experts guarding computer networks.”

2. Experts disagree on whether one side of this struggle has gained a significant advantage through AI.

Further, they are unsure how the battle will play out in the coming years, Metz and Conger note. 

“But most agree that the companies and governments that do not embrace the latest AI for defensive purposes will leave themselves enormously vulnerable.”

3. Some hackers specialize in breaking into systems and then selling off their access to other attackers. 

Those handoffs used to take as much as eight hours, as hackers negotiated the sales and passed along the compromised entry points, Google’s deSouza tells the reporters. “Now that process has accelerated to about 20 seconds, with hackers sometimes using AI agents to speed up the process.”

4. The guardrails added by companies like Anthropic and OpenAI can inadvertently offer an advantage to malicious attackers. 

“Guardrails could cause a chatbot to deny help to a user trying to defend a system from an attack,” Metz and Conger write, “but persistent hackers could be more diligent about finding vulnerabilities—and keeping those tricks to themselves.”

5. Some experts argue that defenders have an advantage over offenders. 

Cybersecurity pros “just have to find the holes,” Metz and Conger remind, citing the opinion of Zico Kolter, an OpenAI board member and a professor of computer science at Carnegie Mellon University who specializes in security and AI. 

Hackers with bad intentions, meanwhile, “must both find and exploit the holes.”

“It is easier to find a vulnerability than to meaningfully exploit it,” Kolter says. 

What’s more, Kolter suggests, AI tools are only marginally capable when used by people with lesser skills: “You still need a software architect in the loop with these systems.” 

Article here (behind paywall).